rugged 1.5.0.1 → 1.6.2
- checksums.yaml +4 -4
- data/ext/rugged/extconf.rb +2 -2
- data/ext/rugged/rugged_blame.c +2 -0
- data/ext/rugged/rugged_blob.c +3 -0
- data/ext/rugged/rugged_commit.c +1 -0
- data/ext/rugged/rugged_config.c +2 -0
- data/ext/rugged/rugged_diff.c +1 -0
- data/ext/rugged/rugged_index.c +2 -0
- data/ext/rugged/rugged_patch.c +1 -0
- data/ext/rugged/rugged_rebase.c +1 -0
- data/ext/rugged/rugged_reference.c +1 -0
- data/ext/rugged/rugged_remote.c +1 -0
- data/ext/rugged/rugged_repo.c +5 -2
- data/ext/rugged/rugged_revwalk.c +5 -1
- data/ext/rugged/rugged_submodule.c +1 -0
- data/ext/rugged/rugged_tag.c +1 -0
- data/ext/rugged/rugged_tree.c +4 -0
- data/lib/rugged/index.rb +1 -1
- data/lib/rugged/tree.rb +1 -1
- data/lib/rugged/version.rb +1 -1
- data/vendor/libgit2/CMakeLists.txt +5 -1
- data/vendor/libgit2/COPYING +30 -0
- data/vendor/libgit2/cmake/ExperimentalFeatures.cmake +23 -0
- data/vendor/libgit2/deps/ntlmclient/CMakeLists.txt +2 -0
- data/vendor/libgit2/include/git2/common.h +13 -6
- data/vendor/libgit2/include/git2/deprecated.h +6 -0
- data/vendor/libgit2/include/git2/diff.h +1 -1
- data/vendor/libgit2/include/git2/experimental.h +20 -0
- data/vendor/libgit2/include/git2/indexer.h +29 -0
- data/vendor/libgit2/include/git2/object.h +28 -2
- data/vendor/libgit2/include/git2/odb.h +58 -7
- data/vendor/libgit2/include/git2/odb_backend.h +106 -18
- data/vendor/libgit2/include/git2/oid.h +115 -15
- data/vendor/libgit2/include/git2/repository.h +20 -1
- data/vendor/libgit2/include/git2/stash.h +60 -6
- data/vendor/libgit2/include/git2/strarray.h +0 -13
- data/vendor/libgit2/include/git2/sys/odb_backend.h +1 -1
- data/vendor/libgit2/include/git2/sys/transport.h +12 -0
- data/vendor/libgit2/include/git2/version.h +4 -4
- data/vendor/libgit2/include/git2.h +1 -0
- data/vendor/libgit2/src/CMakeLists.txt +0 -6
- data/vendor/libgit2/src/cli/CMakeLists.txt +6 -2
- data/vendor/libgit2/src/cli/cmd_hash_object.c +27 -8
- data/vendor/libgit2/src/cli/opt.c +1 -1
- data/vendor/libgit2/src/libgit2/CMakeLists.txt +25 -15
- data/vendor/libgit2/src/libgit2/annotated_commit.c +1 -1
- data/vendor/libgit2/src/libgit2/annotated_commit.h +1 -1
- data/vendor/libgit2/src/libgit2/attr_file.c +1 -1
- data/vendor/libgit2/src/libgit2/attrcache.c +1 -1
- data/vendor/libgit2/src/libgit2/blame.c +2 -0
- data/vendor/libgit2/src/libgit2/blob.c +4 -2
- data/vendor/libgit2/src/libgit2/blob.h +2 -2
- data/vendor/libgit2/src/libgit2/branch.c +2 -2
- data/vendor/libgit2/src/libgit2/cherrypick.c +3 -3
- data/vendor/libgit2/src/libgit2/clone.c +31 -2
- data/vendor/libgit2/src/libgit2/commit.c +52 -17
- data/vendor/libgit2/src/libgit2/commit.h +25 -7
- data/vendor/libgit2/src/libgit2/commit_graph.c +47 -32
- data/vendor/libgit2/src/libgit2/commit_graph.h +3 -0
- data/vendor/libgit2/src/libgit2/commit_list.c +6 -2
- data/vendor/libgit2/src/libgit2/config.c +1 -1
- data/vendor/libgit2/src/libgit2/config_file.c +2 -2
- data/vendor/libgit2/src/libgit2/describe.c +8 -8
- data/vendor/libgit2/src/libgit2/diff.c +5 -1
- data/vendor/libgit2/src/libgit2/diff_file.c +15 -6
- data/vendor/libgit2/src/libgit2/diff_generate.c +17 -12
- data/vendor/libgit2/src/libgit2/diff_print.c +5 -5
- data/vendor/libgit2/src/libgit2/diff_tform.c +4 -0
- data/vendor/libgit2/src/libgit2/email.c +2 -2
- data/vendor/libgit2/src/libgit2/experimental.h.in +13 -0
- data/vendor/libgit2/src/libgit2/fetch.c +3 -6
- data/vendor/libgit2/src/libgit2/fetchhead.c +4 -4
- data/vendor/libgit2/src/libgit2/ident.c +3 -3
- data/vendor/libgit2/src/libgit2/index.c +11 -9
- data/vendor/libgit2/src/libgit2/indexer.c +107 -44
- data/vendor/libgit2/src/libgit2/iterator.c +4 -2
- data/vendor/libgit2/src/libgit2/libgit2.c +19 -0
- data/vendor/libgit2/src/libgit2/merge.c +3 -3
- data/vendor/libgit2/src/libgit2/midx.c +16 -15
- data/vendor/libgit2/src/libgit2/mwindow.c +5 -2
- data/vendor/libgit2/src/libgit2/mwindow.h +4 -1
- data/vendor/libgit2/src/libgit2/notes.c +5 -5
- data/vendor/libgit2/src/libgit2/object.c +89 -25
- data/vendor/libgit2/src/libgit2/object.h +12 -3
- data/vendor/libgit2/src/libgit2/odb.c +194 -50
- data/vendor/libgit2/src/libgit2/odb.h +43 -4
- data/vendor/libgit2/src/libgit2/odb_loose.c +128 -70
- data/vendor/libgit2/src/libgit2/odb_pack.c +96 -44
- data/vendor/libgit2/src/libgit2/oid.c +134 -76
- data/vendor/libgit2/src/libgit2/oid.h +183 -9
- data/vendor/libgit2/src/libgit2/pack-objects.c +15 -4
- data/vendor/libgit2/src/libgit2/pack.c +90 -66
- data/vendor/libgit2/src/libgit2/pack.h +29 -15
- data/vendor/libgit2/src/libgit2/parse.c +4 -3
- data/vendor/libgit2/src/libgit2/patch_parse.c +5 -5
- data/vendor/libgit2/src/libgit2/push.c +13 -3
- data/vendor/libgit2/src/libgit2/reader.c +1 -1
- data/vendor/libgit2/src/libgit2/rebase.c +19 -18
- data/vendor/libgit2/src/libgit2/refdb_fs.c +70 -39
- data/vendor/libgit2/src/libgit2/reflog.c +7 -5
- data/vendor/libgit2/src/libgit2/reflog.h +1 -2
- data/vendor/libgit2/src/libgit2/refs.c +2 -0
- data/vendor/libgit2/src/libgit2/remote.c +38 -37
- data/vendor/libgit2/src/libgit2/remote.h +40 -0
- data/vendor/libgit2/src/libgit2/repository.c +212 -36
- data/vendor/libgit2/src/libgit2/repository.h +9 -0
- data/vendor/libgit2/src/libgit2/reset.c +2 -2
- data/vendor/libgit2/src/libgit2/revert.c +4 -4
- data/vendor/libgit2/src/libgit2/revparse.c +23 -7
- data/vendor/libgit2/src/libgit2/revwalk.c +5 -1
- data/vendor/libgit2/src/libgit2/stash.c +201 -26
- data/vendor/libgit2/src/libgit2/strarray.c +1 -0
- data/vendor/libgit2/src/libgit2/strarray.h +25 -0
- data/vendor/libgit2/src/libgit2/streams/openssl.c +1 -1
- data/vendor/libgit2/src/libgit2/streams/openssl_dynamic.c +7 -3
- data/vendor/libgit2/src/libgit2/streams/socket.c +4 -1
- data/vendor/libgit2/src/libgit2/submodule.c +6 -2
- data/vendor/libgit2/src/libgit2/sysdir.c +294 -7
- data/vendor/libgit2/src/libgit2/sysdir.h +39 -9
- data/vendor/libgit2/src/libgit2/tag.c +29 -10
- data/vendor/libgit2/src/libgit2/tag.h +2 -2
- data/vendor/libgit2/src/libgit2/threadstate.h +1 -1
- data/vendor/libgit2/src/libgit2/transports/http.c +8 -7
- data/vendor/libgit2/src/libgit2/transports/httpclient.c +9 -0
- data/vendor/libgit2/src/libgit2/transports/httpclient.h +10 -0
- data/vendor/libgit2/src/libgit2/transports/local.c +14 -0
- data/vendor/libgit2/src/libgit2/transports/smart.c +35 -0
- data/vendor/libgit2/src/libgit2/transports/smart.h +10 -1
- data/vendor/libgit2/src/libgit2/transports/smart_pkt.c +153 -41
- data/vendor/libgit2/src/libgit2/transports/smart_protocol.c +42 -12
- data/vendor/libgit2/src/libgit2/transports/ssh.c +333 -101
- data/vendor/libgit2/src/libgit2/transports/winhttp.c +9 -4
- data/vendor/libgit2/src/libgit2/tree-cache.c +4 -4
- data/vendor/libgit2/src/libgit2/tree.c +22 -16
- data/vendor/libgit2/src/libgit2/tree.h +2 -2
- data/vendor/libgit2/src/libgit2/worktree.c +5 -0
- data/vendor/libgit2/src/util/CMakeLists.txt +7 -1
- data/vendor/libgit2/src/util/fs_path.c +1 -1
- data/vendor/libgit2/src/util/futils.c +0 -3
- data/vendor/libgit2/src/util/git2_util.h +2 -2
- data/vendor/libgit2/src/util/hash/openssl.c +4 -3
- data/vendor/libgit2/src/util/hash/rfc6234/sha.h +0 -112
- data/vendor/libgit2/src/util/hash.h +13 -0
- data/vendor/libgit2/src/util/net.c +338 -84
- data/vendor/libgit2/src/util/net.h +7 -0
- data/vendor/libgit2/src/util/posix.h +2 -0
- data/vendor/libgit2/src/util/rand.c +4 -0
- data/vendor/libgit2/src/util/regexp.c +3 -3
- data/vendor/libgit2/src/util/thread.h +20 -19
- data/vendor/libgit2/src/util/util.h +1 -0
- metadata +7 -5
- data/vendor/libgit2/src/util/win32/findfile.c +0 -286
- data/vendor/libgit2/src/util/win32/findfile.h +0 -22
- /data/vendor/libgit2/src/{features.h.in → util/git2_features.h.in} +0 -0
@@ -16,6 +16,7 @@
|
|
16
16
|
#include "netops.h"
|
17
17
|
#include "smart.h"
|
18
18
|
#include "streams/socket.h"
|
19
|
+
#include "sysdir.h"
|
19
20
|
|
20
21
|
#include "git2/credential.h"
|
21
22
|
#include "git2/sys/credential.h"
|
@@ -245,8 +246,10 @@ static int ssh_agent_auth(LIBSSH2_SESSION *session, git_credential_ssh_key *c) {
|
|
245
246
|
|
246
247
|
rc = libssh2_agent_connect(agent);
|
247
248
|
|
248
|
-
if (rc != LIBSSH2_ERROR_NONE)
|
249
|
+
if (rc != LIBSSH2_ERROR_NONE) {
|
250
|
+
rc = LIBSSH2_ERROR_AUTHENTICATION_FAILED;
|
249
251
|
goto shutdown;
|
252
|
+
}
|
250
253
|
|
251
254
|
rc = libssh2_agent_list_identities(agent);
|
252
255
|
|
@@ -421,15 +424,116 @@ static int request_creds(git_credential **out, ssh_subtransport *t, const char *
|
|
421
424
|
return 0;
|
422
425
|
}
|
423
426
|
|
427
|
+
#define SSH_DIR ".ssh"
|
428
|
+
#define KNOWN_HOSTS_FILE "known_hosts"
|
429
|
+
|
430
|
+
/*
|
431
|
+
* Load the known_hosts file.
|
432
|
+
*
|
433
|
+
* Returns success but leaves the output NULL if we couldn't find the file.
|
434
|
+
*/
|
435
|
+
static int load_known_hosts(LIBSSH2_KNOWNHOSTS **hosts, LIBSSH2_SESSION *session)
|
436
|
+
{
|
437
|
+
git_str path = GIT_STR_INIT, sshdir = GIT_STR_INIT;
|
438
|
+
LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
|
439
|
+
int error;
|
440
|
+
|
441
|
+
GIT_ASSERT_ARG(hosts);
|
442
|
+
|
443
|
+
if ((error = git_sysdir_expand_homedir_file(&sshdir, SSH_DIR)) < 0 ||
|
444
|
+
(error = git_str_joinpath(&path, git_str_cstr(&sshdir), KNOWN_HOSTS_FILE)) < 0)
|
445
|
+
goto out;
|
446
|
+
|
447
|
+
if ((known_hosts = libssh2_knownhost_init(session)) == NULL) {
|
448
|
+
ssh_error(session, "error initializing known hosts");
|
449
|
+
error = -1;
|
450
|
+
goto out;
|
451
|
+
}
|
452
|
+
|
453
|
+
/*
|
454
|
+
* Try to read the file and consider not finding it as not trusting the
|
455
|
+
* host rather than an error.
|
456
|
+
*/
|
457
|
+
error = libssh2_knownhost_readfile(known_hosts, git_str_cstr(&path), LIBSSH2_KNOWNHOST_FILE_OPENSSH);
|
458
|
+
if (error == LIBSSH2_ERROR_FILE)
|
459
|
+
error = 0;
|
460
|
+
if (error < 0)
|
461
|
+
ssh_error(session, "error reading known_hosts");
|
462
|
+
|
463
|
+
out:
|
464
|
+
*hosts = known_hosts;
|
465
|
+
|
466
|
+
git_str_dispose(&sshdir);
|
467
|
+
git_str_dispose(&path);
|
468
|
+
|
469
|
+
return error;
|
470
|
+
}
|
471
|
+
|
472
|
+
static void add_hostkey_pref_if_avail(
|
473
|
+
LIBSSH2_KNOWNHOSTS *known_hosts,
|
474
|
+
const char *hostname,
|
475
|
+
int port,
|
476
|
+
git_str *prefs,
|
477
|
+
int type,
|
478
|
+
const char *type_name)
|
479
|
+
{
|
480
|
+
struct libssh2_knownhost *host = NULL;
|
481
|
+
const char key = '\0';
|
482
|
+
int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW | type;
|
483
|
+
int error;
|
484
|
+
|
485
|
+
error = libssh2_knownhost_checkp(known_hosts, hostname, port, &key, 1, mask, &host);
|
486
|
+
if (error == LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
|
487
|
+
if (git_str_len(prefs) > 0) {
|
488
|
+
git_str_putc(prefs, ',');
|
489
|
+
}
|
490
|
+
git_str_puts(prefs, type_name);
|
491
|
+
}
|
492
|
+
}
|
493
|
+
|
494
|
+
/*
|
495
|
+
* We figure out what kind of key we want to ask the remote for by trying to
|
496
|
+
* look it up with a nonsense key and using that mismatch to figure out what key
|
497
|
+
* we do have stored for the host.
|
498
|
+
*
|
499
|
+
* Populates prefs with the string to pass to libssh2_session_method_pref.
|
500
|
+
*/
|
501
|
+
static void find_hostkey_preference(
|
502
|
+
LIBSSH2_KNOWNHOSTS *known_hosts,
|
503
|
+
const char *hostname,
|
504
|
+
int port,
|
505
|
+
git_str *prefs)
|
506
|
+
{
|
507
|
+
/*
|
508
|
+
* The order here is important as it indicates the priority of what will
|
509
|
+
* be preferred.
|
510
|
+
*/
|
511
|
+
#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
|
512
|
+
add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ED25519, "ssh-ed25519");
|
513
|
+
#endif
|
514
|
+
#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
|
515
|
+
add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_256, "ecdsa-sha2-nistp256");
|
516
|
+
add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_384, "ecdsa-sha2-nistp384");
|
517
|
+
add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_ECDSA_521, "ecdsa-sha2-nistp521");
|
518
|
+
#endif
|
519
|
+
add_hostkey_pref_if_avail(known_hosts, hostname, port, prefs, LIBSSH2_KNOWNHOST_KEY_SSHRSA, "ssh-rsa");
|
520
|
+
}
|
521
|
+
|
424
522
|
static int _git_ssh_session_create(
|
425
523
|
LIBSSH2_SESSION **session,
|
524
|
+
LIBSSH2_KNOWNHOSTS **hosts,
|
525
|
+
const char *hostname,
|
526
|
+
int port,
|
426
527
|
git_stream *io)
|
427
528
|
{
|
428
|
-
int rc = 0;
|
429
|
-
LIBSSH2_SESSION *s;
|
430
529
|
git_socket_stream *socket = GIT_CONTAINER_OF(io, git_socket_stream, parent);
|
530
|
+
LIBSSH2_SESSION *s;
|
531
|
+
LIBSSH2_KNOWNHOSTS *known_hosts;
|
532
|
+
git_str prefs = GIT_STR_INIT;
|
533
|
+
int rc = 0;
|
431
534
|
|
432
535
|
GIT_ASSERT_ARG(session);
|
536
|
+
GIT_ASSERT_ARG(hosts);
|
433
537
|
|
434
538
|
s = libssh2_session_init();
|
435
539
|
if (!s) {
|
@@ -437,150 +541,276 @@ static int _git_ssh_session_create(
|
|
437
541
|
return -1;
|
438
542
|
}
|
439
543
|
|
544
|
+
if ((rc = load_known_hosts(&known_hosts, s)) < 0) {
|
545
|
+
ssh_error(s, "error loading known_hosts");
|
546
|
+
libssh2_session_free(s);
|
547
|
+
return -1;
|
548
|
+
}
|
549
|
+
|
550
|
+
find_hostkey_preference(known_hosts, hostname, port, &prefs);
|
551
|
+
if (git_str_len(&prefs) > 0) {
|
552
|
+
do {
|
553
|
+
rc = libssh2_session_method_pref(s, LIBSSH2_METHOD_HOSTKEY, git_str_cstr(&prefs));
|
554
|
+
} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
|
555
|
+
if (rc != LIBSSH2_ERROR_NONE) {
|
556
|
+
ssh_error(s, "failed to set hostkey preference");
|
557
|
+
goto on_error;
|
558
|
+
}
|
559
|
+
}
|
560
|
+
git_str_dispose(&prefs);
|
561
|
+
|
440
562
|
do {
|
441
563
|
rc = libssh2_session_handshake(s, socket->s);
|
442
564
|
} while (LIBSSH2_ERROR_EAGAIN == rc || LIBSSH2_ERROR_TIMEOUT == rc);
|
443
565
|
|
444
566
|
if (rc != LIBSSH2_ERROR_NONE) {
|
445
567
|
ssh_error(s, "failed to start SSH session");
|
446
|
-
|
447
|
-
return -1;
|
568
|
+
goto on_error;
|
448
569
|
}
|
449
570
|
|
450
571
|
libssh2_session_set_blocking(s, 1);
|
451
572
|
|
452
573
|
*session = s;
|
574
|
+
*hosts = known_hosts;
|
453
575
|
|
454
576
|
return 0;
|
577
|
+
|
578
|
+
on_error:
|
579
|
+
libssh2_knownhost_free(known_hosts);
|
580
|
+
libssh2_session_free(s);
|
581
|
+
return -1;
|
455
582
|
}
|
456
583
|
|
457
|
-
#define SSH_DEFAULT_PORT "22"
|
458
584
|
|
459
|
-
|
460
|
-
|
461
|
-
|
462
|
-
|
463
|
-
|
585
|
+
/*
|
586
|
+
* Returns the typemask argument to pass to libssh2_knownhost_check{,p} based on
|
587
|
+
* the type of key that libssh2_session_hostkey returns.
|
588
|
+
*/
|
589
|
+
static int fingerprint_type_mask(int keytype)
|
464
590
|
{
|
465
|
-
int
|
466
|
-
|
467
|
-
|
468
|
-
|
469
|
-
|
591
|
+
int mask = LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW;
|
592
|
+
return mask;
|
593
|
+
|
594
|
+
switch (keytype) {
|
595
|
+
case LIBSSH2_HOSTKEY_TYPE_RSA:
|
596
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_SSHRSA;
|
597
|
+
break;
|
598
|
+
case LIBSSH2_HOSTKEY_TYPE_DSS:
|
599
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_SSHDSS;
|
600
|
+
break;
|
601
|
+
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
|
602
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
|
603
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_256;
|
604
|
+
break;
|
605
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
|
606
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_384;
|
607
|
+
break;
|
608
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:
|
609
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_ECDSA_521;
|
610
|
+
break;
|
611
|
+
#endif
|
612
|
+
#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
|
613
|
+
case LIBSSH2_HOSTKEY_TYPE_ED25519:
|
614
|
+
mask |= LIBSSH2_KNOWNHOST_KEY_ED25519;
|
615
|
+
break;
|
616
|
+
#endif
|
617
|
+
}
|
470
618
|
|
471
|
-
|
619
|
+
return mask;
|
620
|
+
}
|
472
621
|
|
473
|
-
|
474
|
-
|
622
|
+
/*
|
623
|
+
* Check the host against the user's known_hosts file.
|
624
|
+
*
|
625
|
+
* Returns 1/0 for valid/''not-valid or <0 for an error
|
626
|
+
*/
|
627
|
+
static int check_against_known_hosts(
|
628
|
+
LIBSSH2_SESSION *session,
|
629
|
+
LIBSSH2_KNOWNHOSTS *known_hosts,
|
630
|
+
const char *hostname,
|
631
|
+
int port,
|
632
|
+
const char *key,
|
633
|
+
size_t key_len,
|
634
|
+
int key_type)
|
635
|
+
{
|
636
|
+
int check, typemask, ret = 0;
|
637
|
+
struct libssh2_knownhost *host = NULL;
|
638
|
+
|
639
|
+
if (known_hosts == NULL)
|
640
|
+
return 0;
|
641
|
+
|
642
|
+
typemask = fingerprint_type_mask(key_type);
|
643
|
+
check = libssh2_knownhost_checkp(known_hosts, hostname, port, key, key_len, typemask, &host);
|
644
|
+
if (check == LIBSSH2_KNOWNHOST_CHECK_FAILURE) {
|
645
|
+
ssh_error(session, "error checking for known host");
|
475
646
|
return -1;
|
647
|
+
}
|
476
648
|
|
477
|
-
|
478
|
-
s->session = NULL;
|
479
|
-
s->channel = NULL;
|
649
|
+
ret = check == LIBSSH2_KNOWNHOST_CHECK_MATCH ? 1 : 0;
|
480
650
|
|
481
|
-
|
482
|
-
|
483
|
-
else
|
484
|
-
error = git_net_url_parse_scp(&s->url, url);
|
651
|
+
return ret;
|
652
|
+
}
|
485
653
|
|
486
|
-
|
487
|
-
|
654
|
+
/*
|
655
|
+
* Perform the check for the session's certificate against known hosts if
|
656
|
+
* possible and then ask the user if they have a callback.
|
657
|
+
*
|
658
|
+
* Returns 1/0 for valid/not-valid or <0 for an error
|
659
|
+
*/
|
660
|
+
static int check_certificate(
|
661
|
+
LIBSSH2_SESSION *session,
|
662
|
+
LIBSSH2_KNOWNHOSTS *known_hosts,
|
663
|
+
git_transport_certificate_check_cb check_cb,
|
664
|
+
void *check_cb_payload,
|
665
|
+
const char *host,
|
666
|
+
int port)
|
667
|
+
{
|
668
|
+
git_cert_hostkey cert = {{ 0 }};
|
669
|
+
const char *key;
|
670
|
+
size_t cert_len;
|
671
|
+
int cert_type, cert_valid = 0, error = 0;
|
488
672
|
|
489
|
-
if ((
|
490
|
-
|
491
|
-
|
673
|
+
if ((key = libssh2_session_hostkey(session, &cert_len, &cert_type)) == NULL) {
|
674
|
+
ssh_error(session, "failed to retrieve hostkey");
|
675
|
+
return -1;
|
676
|
+
}
|
492
677
|
|
493
|
-
if ((
|
494
|
-
|
678
|
+
if ((cert_valid = check_against_known_hosts(session, known_hosts, host, port, key, cert_len, cert_type)) < 0)
|
679
|
+
return -1;
|
495
680
|
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
500
|
-
|
501
|
-
|
502
|
-
|
503
|
-
|
504
|
-
|
505
|
-
|
506
|
-
cert.
|
507
|
-
|
508
|
-
cert.hostkey_len = cert_len;
|
509
|
-
switch (cert_type) {
|
510
|
-
case LIBSSH2_HOSTKEY_TYPE_RSA:
|
511
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA;
|
512
|
-
break;
|
513
|
-
case LIBSSH2_HOSTKEY_TYPE_DSS:
|
514
|
-
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
|
515
|
-
break;
|
681
|
+
cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
|
682
|
+
if (key != NULL) {
|
683
|
+
cert.type |= GIT_CERT_SSH_RAW;
|
684
|
+
cert.hostkey = key;
|
685
|
+
cert.hostkey_len = cert_len;
|
686
|
+
switch (cert_type) {
|
687
|
+
case LIBSSH2_HOSTKEY_TYPE_RSA:
|
688
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_RSA;
|
689
|
+
break;
|
690
|
+
case LIBSSH2_HOSTKEY_TYPE_DSS:
|
691
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_DSS;
|
692
|
+
break;
|
516
693
|
|
517
694
|
#ifdef LIBSSH2_HOSTKEY_TYPE_ECDSA_256
|
518
|
-
|
519
|
-
|
520
|
-
|
521
|
-
|
522
|
-
|
523
|
-
|
524
|
-
|
525
|
-
|
526
|
-
|
695
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_256:
|
696
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256;
|
697
|
+
break;
|
698
|
+
case LIBSSH2_HOSTKEY_TYPE_ECDSA_384:
|
699
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384;
|
700
|
+
break;
|
701
|
+
case LIBSSH2_KNOWNHOST_KEY_ECDSA_521:
|
702
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521;
|
703
|
+
break;
|
527
704
|
#endif
|
528
705
|
|
529
706
|
#ifdef LIBSSH2_HOSTKEY_TYPE_ED25519
|
530
|
-
|
531
|
-
|
532
|
-
|
707
|
+
case LIBSSH2_HOSTKEY_TYPE_ED25519:
|
708
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_KEY_ED25519;
|
709
|
+
break;
|
533
710
|
#endif
|
534
|
-
|
535
|
-
|
536
|
-
}
|
711
|
+
default:
|
712
|
+
cert.raw_type = GIT_CERT_SSH_RAW_TYPE_UNKNOWN;
|
537
713
|
}
|
714
|
+
}
|
538
715
|
|
539
716
|
#ifdef LIBSSH2_HOSTKEY_HASH_SHA256
|
540
|
-
|
541
|
-
|
542
|
-
|
543
|
-
|
544
|
-
|
717
|
+
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
|
718
|
+
if (key != NULL) {
|
719
|
+
cert.type |= GIT_CERT_SSH_SHA256;
|
720
|
+
memcpy(&cert.hash_sha256, key, 32);
|
721
|
+
}
|
545
722
|
#endif
|
546
723
|
|
547
|
-
|
548
|
-
|
549
|
-
|
550
|
-
|
551
|
-
|
724
|
+
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
|
725
|
+
if (key != NULL) {
|
726
|
+
cert.type |= GIT_CERT_SSH_SHA1;
|
727
|
+
memcpy(&cert.hash_sha1, key, 20);
|
728
|
+
}
|
552
729
|
|
553
|
-
|
554
|
-
|
555
|
-
|
556
|
-
|
557
|
-
|
730
|
+
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
|
731
|
+
if (key != NULL) {
|
732
|
+
cert.type |= GIT_CERT_SSH_MD5;
|
733
|
+
memcpy(&cert.hash_md5, key, 16);
|
734
|
+
}
|
558
735
|
|
559
|
-
|
560
|
-
|
561
|
-
|
562
|
-
|
736
|
+
if (cert.type == 0) {
|
737
|
+
git_error_set(GIT_ERROR_SSH, "unable to get the host key");
|
738
|
+
return -1;
|
739
|
+
}
|
740
|
+
|
741
|
+
git_error_clear();
|
742
|
+
error = 0;
|
743
|
+
if (!cert_valid) {
|
744
|
+
git_error_set(GIT_ERROR_SSH, "invalid or unknown remote ssh hostkey");
|
745
|
+
error = GIT_ECERTIFICATE;
|
746
|
+
}
|
747
|
+
|
748
|
+
if (check_cb != NULL) {
|
749
|
+
git_cert_hostkey *cert_ptr = &cert;
|
750
|
+
git_error_state previous_error = {0};
|
751
|
+
|
752
|
+
git_error_state_capture(&previous_error, error);
|
753
|
+
error = check_cb((git_cert *) cert_ptr, cert_valid, host, check_cb_payload);
|
754
|
+
if (error == GIT_PASSTHROUGH) {
|
755
|
+
error = git_error_state_restore(&previous_error);
|
756
|
+
} else if (error < 0 && !git_error_last()) {
|
757
|
+
git_error_set(GIT_ERROR_NET, "unknown remote host key");
|
563
758
|
}
|
564
759
|
|
565
|
-
|
566
|
-
|
760
|
+
git_error_state_free(&previous_error);
|
761
|
+
}
|
567
762
|
|
568
|
-
|
763
|
+
return error;
|
764
|
+
}
|
569
765
|
|
570
|
-
|
571
|
-
(git_cert *)cert_ptr,
|
572
|
-
0,
|
573
|
-
s->url.host,
|
574
|
-
t->owner->connect_opts.callbacks.payload);
|
766
|
+
#define SSH_DEFAULT_PORT "22"
|
575
767
|
|
576
|
-
|
577
|
-
|
578
|
-
|
768
|
+
static int _git_ssh_setup_conn(
|
769
|
+
ssh_subtransport *t,
|
770
|
+
const char *url,
|
771
|
+
const char *cmd,
|
772
|
+
git_smart_subtransport_stream **stream)
|
773
|
+
{
|
774
|
+
int auth_methods, error = 0, port;
|
775
|
+
ssh_stream *s;
|
776
|
+
git_credential *cred = NULL;
|
777
|
+
LIBSSH2_SESSION *session=NULL;
|
778
|
+
LIBSSH2_CHANNEL *channel=NULL;
|
779
|
+
LIBSSH2_KNOWNHOSTS *known_hosts = NULL;
|
579
780
|
|
580
|
-
|
581
|
-
|
781
|
+
t->current_stream = NULL;
|
782
|
+
|
783
|
+
*stream = NULL;
|
784
|
+
if (ssh_stream_alloc(t, cmd, stream) < 0)
|
785
|
+
return -1;
|
786
|
+
|
787
|
+
s = (ssh_stream *)*stream;
|
788
|
+
s->session = NULL;
|
789
|
+
s->channel = NULL;
|
790
|
+
|
791
|
+
if ((error = git_net_url_parse_standard_or_scp(&s->url, url)) < 0 ||
|
792
|
+
(error = git_socket_stream_new(&s->io, s->url.host, s->url.port)) < 0 ||
|
793
|
+
(error = git_stream_connect(s->io)) < 0)
|
794
|
+
goto done;
|
795
|
+
|
796
|
+
/*
|
797
|
+
* Try to parse the port as a number, if we can't then fall back to
|
798
|
+
* default. It would be nice if we could get the port that was resolved
|
799
|
+
* as part of the stream connection, but that's not something that's
|
800
|
+
* exposed.
|
801
|
+
*/
|
802
|
+
if (git__strntol32(&port, s->url.port, strlen(s->url.port), NULL, 10) < 0) {
|
803
|
+
git_error_set(GIT_ERROR_NET, "invalid port to ssh: %s", s->url.port);
|
804
|
+
error = -1;
|
805
|
+
goto done;
|
582
806
|
}
|
583
807
|
|
808
|
+
if ((error = _git_ssh_session_create(&session, &known_hosts, s->url.host, port, s->io)) < 0)
|
809
|
+
goto done;
|
810
|
+
|
811
|
+
if ((error = check_certificate(session, known_hosts, t->owner->connect_opts.callbacks.certificate_check, t->owner->connect_opts.callbacks.payload, s->url.host, port)) < 0)
|
812
|
+
goto done;
|
813
|
+
|
584
814
|
/* we need the username to ask for auth methods */
|
585
815
|
if (!s->url.username) {
|
586
816
|
if ((error = request_creds(&cred, t, NULL, GIT_CREDENTIAL_USERNAME)) < 0)
|
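Review bot: In check_certificate the ECDSA-521 arm of the switch on `cert_type` tests `LIBSSH2_KNOWNHOST_KEY_ECDSA_521`, a known-hosts typemask constant, while `cert_type` comes from libssh2_session_hostkey and the neighbouring arms use the `LIBSSH2_HOSTKEY_TYPE_*` family; unless the two values happen to coincide, a nistp521 host key drops into `default` and reaches the certificate callback as `GIT_CERT_SSH_RAW_TYPE_UNKNOWN`. The label should read `case LIBSSH2_HOSTKEY_TYPE_ECDSA_521:`. Separately, `fingerprint_type_mask` executes `return mask;` before its switch, so the key-type bits are never added and `libssh2_knownhost_checkp` is always handed a type-less mask — either that early return goes or the whole switch is dead code and should be deleted. There are also two leaks on failure paths: `load_known_hosts` stores the handle in `*hosts` even when `libssh2_knownhost_readfile` fails, yet `_git_ssh_session_create` frees only the session on that path, and the `goto on_error` after a failed `libssh2_session_method_pref` skips `git_str_dispose(&prefs)`. The `on_error` block should gain `git_str_dispose(&prefs);` and the load failure path should call `libssh2_knownhost_free(known_hosts);`; `_git_ssh_setup_conn` continues past the end of the hunk.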
@@ -651,6 +881,8 @@ done:
|
|
651
881
|
if (error < 0) {
|
652
882
|
ssh_stream_free(*stream);
|
653
883
|
|
884
|
+
if (known_hosts)
|
885
|
+
libssh2_knownhost_free(known_hosts);
|
654
886
|
if (session)
|
655
887
|
libssh2_session_free(session);
|
656
888
|
}
|
@@ -774,7 +1006,7 @@ static int list_auth_methods(int *out, LIBSSH2_SESSION *session, const char *use
|
|
774
1006
|
|
775
1007
|
/* either error, or the remote accepts NONE auth, which is bizarre, let's punt */
|
776
1008
|
if (list == NULL && !libssh2_userauth_authenticated(session)) {
|
777
|
-
ssh_error(session, "
|
1009
|
+
ssh_error(session, "remote rejected authentication");
|
778
1010
|
return GIT_EAUTH;
|
779
1011
|
}
|
780
1012
|
|
@@ -562,18 +562,23 @@ static int winhttp_stream_connect(winhttp_stream *s)
|
|
562
562
|
|
563
563
|
for (i = 0; i < t->owner->connect_opts.custom_headers.count; i++) {
|
564
564
|
if (t->owner->connect_opts.custom_headers.strings[i]) {
|
565
|
+
wchar_t *custom_header_wide = NULL;
|
566
|
+
|
565
567
|
git_str_clear(&buf);
|
566
568
|
git_str_puts(&buf, t->owner->connect_opts.custom_headers.strings[i]);
|
567
|
-
|
568
|
-
|
569
|
+
|
570
|
+
/* Convert header to wide characters */
|
571
|
+
if ((error = git__utf8_to_16_alloc(&custom_header_wide, git_str_cstr(&buf))) < 0)
|
569
572
|
goto on_error;
|
570
|
-
}
|
571
573
|
|
572
|
-
if (!WinHttpAddRequestHeaders(s->request,
|
574
|
+
if (!WinHttpAddRequestHeaders(s->request, custom_header_wide, (ULONG)-1L,
|
573
575
|
WINHTTP_ADDREQ_FLAG_ADD | WINHTTP_ADDREQ_FLAG_REPLACE)) {
|
574
576
|
git_error_set(GIT_ERROR_OS, "failed to add a header to the request");
|
577
|
+
git__free(custom_header_wide);
|
575
578
|
goto on_error;
|
576
579
|
}
|
580
|
+
|
581
|
+
git__free(custom_header_wide);
|
577
582
|
}
|
578
583
|
}
|
579
584
|
|
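Review bot: `git__free(custom_header_wide)` now appears twice, once inside the failure branch of WinHttpAddRequestHeaders and once after it, which is the kind of duplication that goes stale when the branch grows; capturing the result and freeing once reads better: `BOOL added = WinHttpAddRequestHeaders(s->request, custom_header_wide, (ULONG)-1L, WINHTTP_ADDREQ_FLAG_ADD | WINHTTP_ADDREQ_FLAG_REPLACE); git__free(custom_header_wide); if (!added) { git_error_set(GIT_ERROR_OS, "failed to add a header to the request"); goto on_error; }`. The `git_str_puts` result is also unchecked before the buffer is converted; if `buf` is out of memory the header text handed to `git__utf8_to_16_alloc` is presumably not the caller's string, so a `if (git_str_oom(&buf)) { error = -1; goto on_error; }` ahead of the conversion would make that failure explicit (I cannot see `git_str`'s OOM behaviour from this hunk). The enclosing loop and `winhttp_stream_connect` continue outside the hunk.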
@@ -111,11 +111,11 @@ static int read_tree_internal(git_tree_cache **out,
|
|
111
111
|
/* The SHA1 is only there if it's not invalidated */
|
112
112
|
if (tree->entry_count >= 0) {
|
113
113
|
/* 160-bit SHA-1 for this tree and it's children */
|
114
|
-
if (buffer +
|
114
|
+
if (buffer + GIT_OID_SHA1_SIZE > buffer_end)
|
115
115
|
goto corrupted;
|
116
116
|
|
117
|
-
|
118
|
-
buffer +=
|
117
|
+
git_oid__fromraw(&tree->oid, (const unsigned char *)buffer, GIT_OID_SHA1);
|
118
|
+
buffer += GIT_OID_SHA1_SIZE;
|
119
119
|
}
|
120
120
|
|
121
121
|
/* Parse children: */
|
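Review bot: The rewritten bounds check `if (buffer + GIT_OID_SHA1_SIZE > buffer_end)` forms a pointer beyond the end of the buffer before comparing it, which C does not define when fewer than 20 bytes remain; the same test as a length comparison is well-defined, `if ((size_t)(buffer_end - buffer) < GIT_OID_SHA1_SIZE) goto corrupted;`, assuming `buffer` has not already passed `buffer_end` at this point, which the hunk does not show. The hunk also hard-codes `GIT_OID_SHA1` for the cache-tree oid while `git_tree__parse_raw` in this same diff now takes an `oid_type`; if that is deliberate because the index TREE extension is SHA-1 only for now, a one-line comment next to the `git_oid__fromraw` call such as `/* cache-tree extension is SHA-1 only; widen with the index format */` would save the next reader a question. `read_tree_internal` begins and ends outside the hunk.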
@@ -263,7 +263,7 @@ static void write_tree(git_str *out, git_tree_cache *tree)
|
|
263
263
|
git_str_printf(out, "%s%c%"PRIdZ" %"PRIuZ"\n", tree->name, 0, tree->entry_count, tree->children_count);
|
264
264
|
|
265
265
|
if (tree->entry_count != -1)
|
266
|
-
git_str_put(out, (char *)&tree->oid.id,
|
266
|
+
git_str_put(out, (char *)&tree->oid.id, GIT_OID_SHA1_SIZE);
|
267
267
|
|
268
268
|
for (i = 0; i < tree->children_count; i++)
|
269
269
|
write_tree(out, tree->children[i]);
|
@@ -85,11 +85,17 @@ static git_tree_entry *alloc_entry(const char *filename, size_t filename_len, co
|
|
85
85
|
char *filename_ptr;
|
86
86
|
size_t tree_len;
|
87
87
|
|
88
|
+
#ifdef GIT_EXPERIMENTAL_SHA256
|
89
|
+
size_t oid_size = git_oid_size(id->type);
|
90
|
+
#else
|
91
|
+
size_t oid_size = GIT_OID_SHA1_SIZE;
|
92
|
+
#endif
|
93
|
+
|
88
94
|
TREE_ENTRY_CHECK_NAMELEN(filename_len);
|
89
95
|
|
90
96
|
if (GIT_ADD_SIZET_OVERFLOW(&tree_len, sizeof(git_tree_entry), filename_len) ||
|
91
97
|
GIT_ADD_SIZET_OVERFLOW(&tree_len, tree_len, 1) ||
|
92
|
-
GIT_ADD_SIZET_OVERFLOW(&tree_len, tree_len,
|
98
|
+
GIT_ADD_SIZET_OVERFLOW(&tree_len, tree_len, oid_size))
|
93
99
|
return NULL;
|
94
100
|
|
95
101
|
entry = git__calloc(1, tree_len);
|
@@ -383,11 +389,12 @@ static int parse_mode(uint16_t *mode_out, const char *buffer, size_t buffer_len,
|
|
383
389
|
return 0;
|
384
390
|
}
|
385
391
|
|
386
|
-
int git_tree__parse_raw(void *_tree, const char *data, size_t size)
|
392
|
+
int git_tree__parse_raw(void *_tree, const char *data, size_t size, git_oid_t oid_type)
|
387
393
|
{
|
388
394
|
git_tree *tree = _tree;
|
389
395
|
const char *buffer;
|
390
396
|
const char *buffer_end;
|
397
|
+
const long oid_size = (long)git_oid_size(oid_type);
|
391
398
|
|
392
399
|
buffer = data;
|
393
400
|
buffer_end = buffer + size;
|
@@ -414,35 +421,33 @@ int git_tree__parse_raw(void *_tree, const char *data, size_t size)
|
|
414
421
|
if ((filename_len = nul - buffer) == 0 || filename_len > UINT16_MAX)
|
415
422
|
return tree_parse_error("failed to parse tree: can't parse filename", NULL);
|
416
423
|
|
417
|
-
if ((buffer_end - (nul + 1)) <
|
424
|
+
if ((buffer_end - (nul + 1)) < (long)oid_size)
|
418
425
|
return tree_parse_error("failed to parse tree: can't parse OID", NULL);
|
419
426
|
|
420
427
|
/* Allocate the entry */
|
421
|
-
|
422
|
-
|
423
|
-
GIT_ERROR_CHECK_ALLOC(entry);
|
424
|
-
|
425
|
-
entry->attr = attr;
|
426
|
-
entry->filename_len = (uint16_t)filename_len;
|
427
|
-
entry->filename = buffer;
|
428
|
-
git_oid_fromraw(&entry->oid, ((unsigned char *) buffer + filename_len + 1));
|
429
|
-
}
|
428
|
+
entry = git_array_alloc(tree->entries);
|
429
|
+
GIT_ERROR_CHECK_ALLOC(entry);
|
430
430
|
|
431
|
+
entry->attr = attr;
|
432
|
+
entry->filename_len = (uint16_t)filename_len;
|
433
|
+
entry->filename = buffer;
|
431
434
|
buffer += filename_len + 1;
|
432
|
-
|
435
|
+
|
436
|
+
git_oid__fromraw(&entry->oid, (unsigned char *)buffer, oid_type);
|
437
|
+
buffer += oid_size;
|
433
438
|
}
|
434
439
|
|
435
440
|
return 0;
|
436
441
|
}
|
437
442
|
|
438
|
-
int git_tree__parse(void *_tree, git_odb_object *odb_obj)
|
443
|
+
int git_tree__parse(void *_tree, git_odb_object *odb_obj, git_oid_t oid_type)
|
439
444
|
{
|
440
445
|
git_tree *tree = _tree;
|
441
446
|
const char *data = git_odb_object_data(odb_obj);
|
442
447
|
size_t size = git_odb_object_size(odb_obj);
|
443
448
|
int error;
|
444
449
|
|
445
|
-
if ((error = git_tree__parse_raw(tree, data, size)) < 0 ||
|
450
|
+
if ((error = git_tree__parse_raw(tree, data, size, oid_type)) < 0 ||
|
446
451
|
(error = git_odb_object_dup(&tree->odb_obj, odb_obj)) < 0)
|
447
452
|
return error;
|
448
453
|
|
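Review bot: `git_tree__parse_raw` now derives `oid_size` from `git_oid_size(oid_type)` but never rejects a size of zero; if `git_oid_size` returns 0 for an unrecognised type (I cannot see its definition from here), the `(buffer_end - (nul + 1)) < (long)oid_size` check passes for any remaining length and `git_oid__fromraw` is handed a type it does not know. A guard right after the declaration closes that: `if (oid_size == 0) return tree_parse_error("failed to parse tree: invalid object id type", NULL);`. The `(long)` cast on the comparison is redundant now that `oid_size` is already declared `long`. The same zero-size concern applies to `alloc_entry` earlier in this diff under GIT_EXPERIMENTAL_SHA256, where a zero `oid_size` would allocate an entry with no room for the id; both functions continue outside the hunk.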
@@ -506,6 +511,7 @@ static int git_treebuilder__write_with_buffer(
|
|
506
511
|
git_odb *odb;
|
507
512
|
git_tree_entry *entry;
|
508
513
|
git_vector entries = GIT_VECTOR_INIT;
|
514
|
+
size_t oid_size = git_oid_size(bld->repo->oid_type);
|
509
515
|
|
510
516
|
git_str_clear(buf);
|
511
517
|
|
@@ -529,7 +535,7 @@ static int git_treebuilder__write_with_buffer(
|
|
529
535
|
|
530
536
|
git_str_printf(buf, "%o ", entry->attr);
|
531
537
|
git_str_put(buf, entry->filename, entry->filename_len + 1);
|
532
|
-
git_str_put(buf, (char *)entry->oid.id,
|
538
|
+
git_str_put(buf, (char *)entry->oid.id, oid_size);
|
533
539
|
|
534
540
|
if (git_str_oom(buf)) {
|
535
541
|
error = -1;
|
@@ -41,8 +41,8 @@ GIT_INLINE(bool) git_tree_entry__is_tree(const struct git_tree_entry *e)
|
|
41
41
|
}
|
42
42
|
|
43
43
|
void git_tree__free(void *tree);
|
44
|
-
int git_tree__parse(void *tree, git_odb_object *obj);
|
45
|
-
int git_tree__parse_raw(void *_tree, const char *data, size_t size);
|
44
|
+
int git_tree__parse(void *tree, git_odb_object *obj, git_oid_t oid_type);
|
45
|
+
int git_tree__parse_raw(void *_tree, const char *data, size_t size, git_oid_t oid_type);
|
46
46
|
|
47
47
|
/**
|
48
48
|
* Write a tree to the given repository
|